f003.backblazeb2.com Open in urlscan Pro
45.11.36.16 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://atanasbb.video/rejoice/index.php
Effective URL:
https://f003.backblazeb2.com/file/alliage-nonirradiated-reheated/index.html
Submission: On January 27 via manual (January 27th 2022, 7:38:38 pm UTC) from US — Scanned from DE

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 5 countries across 7 domains to perform 16 HTTP transactions. The main IP is 45.11.36.16, located in United States and belongs to BACKBLAZE, US. The main domain is f003.backblazeb2.com. The Cisco Umbrella rank of the primary domain is 663870.
TLS certificate: Issued by R3 on November 30th 2021. Valid for: 3 months.

This is the only time f003.backblazeb2.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	173.231.200.163 173.231.200.163	22611 (INMOTION) (INMOTION)
1	169.46.118.100 169.46.118.100	36351 (SOFTLAYER) (SOFTLAYER)
2	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
1	104.21.43.96 104.21.43.96	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	45.11.36.16 45.11.36.16	40401 (BACKBLAZE) (BACKBLAZE)
9	188.114.97.7 188.114.97.7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:401... 2a00:1450:401b:801::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400f:803::2003	15169 (GOOGLE) (GOOGLE)
16	7

1 173.231.200.163 (Virginia Beach, United States) 1 redirects

ASN22611 (INMOTION, US)
PTR: server.optimizedpaginasweb.com

atanasbb.video	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.46.118.100 (Irving, United States)

ASN36351 (SOFTLAYER, US)
PTR: 64.76.2ea9.ip4.static.sl-reverse.com

fzndkv80h5.s3.us-south.objectstorage.softlayer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.43.96 (None, )

ASN13335 (CLOUDFLARENET, US)

yearsmtp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.11.36.16 (United States)

ASN40401 (BACKBLAZE, US)
PTR: f003.backblazeb2.com

f003.backblazeb2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 188.114.97.7 (Medellín, Colombia)

ASN13335 (CLOUDFLARENET, US)

johansmtp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:401b:801::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400f:803::2003 (Ireland)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	johansmtp.com johansmtp.com	171 KB
3	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 293 fonts.googleapis.com — Cisco Umbrella Rank: 47	62 KB
1	gstatic.com fonts.gstatic.com	44 KB
1	backblazeb2.com f003.backblazeb2.com — Cisco Umbrella Rank: 663870	76 KB
1	yearsmtp.com yearsmtp.com	599 B
1	softlayer.net fzndkv80h5.s3.us-south.objectstorage.softlayer.net	75 KB
1	atanasbb.video 1 redirects atanasbb.video	1 KB
16	7

	Domain	Requested by
9	johansmtp.com	fzndkv80h5.s3.us-south.objectstorage.softlayer.net f003.backblazeb2.com
2	ajax.googleapis.com	fzndkv80h5.s3.us-south.objectstorage.softlayer.net
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	johansmtp.com
1	f003.backblazeb2.com	fzndkv80h5.s3.us-south.objectstorage.softlayer.net
1	yearsmtp.com	ajax.googleapis.com
1	fzndkv80h5.s3.us-south.objectstorage.softlayer.net
1	atanasbb.video	1 redirects
16	8

This site contains no links.

Subject Issuer	Validity	Valid
*.s3.us-south.cloud-object-storage.appdomain.cloud DigiCert TLS RSA SHA256 2020 CA1	`2021-11-09` - `2022-11-08`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-01-22` - `2023-01-22`	a year	crt.sh
backblazeb2.com R3	`2021-11-30` - `2022-02-28`	3 months	crt.sh
*.johansmtp.com R3	`2022-01-05` - `2022-04-05`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://f003.backblazeb2.com/file/alliage-nonirradiated-reheated/index.html
Frame ID: 647AA6FFB2037B77F468D0E89D173882
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Document

Page URL History Show full URLs

https://atanasbb.video/rejoice/index.php HTTP 302
https://fzndkv80h5.s3.us-south.objectstorage.softlayer.net/encloses/index.html?key=a1bdc6dd51c39c875960545e2a737707988bd6e1&url_01=http... Page URL
https://f003.backblazeb2.com/file/alliage-nonirradiated-reheated/index.html Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

16
Requests

100 %
HTTPS

38 %
IPv6

7
Domains

8
Subdomains

7
IPs

5
Countries

429 kB
Transfer

549 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://atanasbb.video/rejoice/index.php HTTP 302
https://fzndkv80h5.s3.us-south.objectstorage.softlayer.net/encloses/index.html?key=a1bdc6dd51c39c875960545e2a737707988bd6e1&url_01=https://f003.backblazeb2.com/file/beladying-unaffied-unspoilableness/index.html&url_02=https://f003.backblazeb2.com/file/percentable-ricebird-unspurred/index.html&url_03=https://f003.backblazeb2.com/file/alliage-nonirradiated-reheated/index.html&url_04=https://f003.backblazeb2.com/file/amphicarpia-scissurellid-toothlessness/index.html&url_05=https://f004.backblazeb2.com/file/aetosaurian-check-unribboned/index.html&redirect=https://www.amazon.com Page URL
https://f003.backblazeb2.com/file/alliage-nonirradiated-reheated/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://atanasbb.video/rejoice/index.php HTTP 302
https://fzndkv80h5.s3.us-south.objectstorage.softlayer.net/encloses/index.html?key=a1bdc6dd51c39c875960545e2a737707988bd6e1&url_01=https://f003.backblazeb2.com/file/beladying-unaffied-unspoilableness/index.html&url_02=https://f003.backblazeb2.com/file/percentable-ricebird-unspurred/index.html&url_03=https://f003.backblazeb2.com/file/alliage-nonirradiated-reheated/index.html&url_04=https://f003.backblazeb2.com/file/amphicarpia-scissurellid-toothlessness/index.html&url_05=https://f004.backblazeb2.com/file/aetosaurian-check-unribboned/index.html&redirect=https://www.amazon.com

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

index.html Show response
fzndkv80h5.s3.us-south.objectstorage.softlayer.net/encloses/
Redirect Chain

https://atanasbb.video/rejoice/index.php
https://fzndkv80h5.s3.us-south.objectstorage.softlayer.net/encloses/index.html?key=a1bdc6dd51c39c875960545e2a737707988bd6e1&url_01=https://f003.backblazeb2.com/file/beladying-unaffied-unspoilablene...

74 KB
75 KB

591ms
259ms

Document
text/html

169.46.118.100
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://fzndkv80h5.s3.us-south.objectstorage.softlayer.net/encloses/index.html?key=a1bdc6dd51c39c875960545e2a737707988bd6e1&url_01=https://f003.backblazeb2.com/file/beladying-unaffied-unspoilableness/index.html&url_02=https://f003.backblazeb2.com/file/percentable-ricebird-unspurred/index.html&url_03=https://f003.backblazeb2.com/file/alliage-nonirradiated-reheated/index.html&url_04=https://f003.backblazeb2.com/file/amphicarpia-scissurellid-toothlessness/index.html&url_05=https://f004.backblazeb2.com/file/aetosaurian-check-unribboned/index.html&redirect=https://www.amazon.com
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.46.118.100 Irving, United States, ASN36351 (SOFTLAYER, US),
Reverse DNS: 64.76.2ea9.ip4.static.sl-reverse.com
Software: Cleversafe /
Resource Hash: cdc3bdd3cdb5da6fd123d6ef62f9b6b75b11d637765a03dc9c21667f664bdd08

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Thu, 27 Jan 2022 19:38:32 GMT
X-Clv-Request-Id: 3e08b355-6990-4cd1-a2ec-0a7b86a0c61d
Server: Cleversafe
X-Clv-S3-Version: 2.5
Accept-Ranges: bytes
x-amz-request-id: 3e08b355-6990-4cd1-a2ec-0a7b86a0c61d
ETag: "24841844a4b4bfa7752923205a0afa1f"
Content-Type: text/html
Last-Modified: Wed, 26 Jan 2022 05:52:21 GMT
Content-Length: 76130

Redirect headers

Date: Thu, 27 Jan 2022 19:38:31 GMT
Server: Apache
Content-Encoding: gzip
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Location: https://fzndkv80h5.s3.us-south.objectstorage.softlayer.net/encloses/index.html?key=a1bdc6dd51c39c875960545e2a737707988bd6e1&url_01=https://f003.backblazeb2.com/file/beladying-unaffied-unspoilableness/index.html&url_02=https://f003.backblazeb2.com/file/percentable-ricebird-unspurred/index.html&url_03=https://f003.backblazeb2.com/file/alliage-nonirradiated-reheated/index.html&url_04=https://f003.backblazeb2.com/file/amphicarpia-scissurellid-toothlessness/index.html&url_05=https://f004.backblazeb2.com/file/aetosaurian-check-unribboned/index.html&redirect=https://www.amazon.com
Cache-Control: max-age=172800
Expires: Sat, 29 Jan 2022 19:38:31 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
31 KB 125ms
37ms Script
text/javascript 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: fzndkv80h5.s3.us-south.objectstorage.softlayer.net
URL: https://fzndkv80h5.s3.us-south.objectstorage.softlayer.net/encloses/index.html?key=a1bdc6dd51c39c875960545e2a737707988bd6e1&url_01=https://f003.backblazeb2.com/file/beladying-unaffied-unspoilableness/index.html&url_02=https://f003.backblazeb2.com/file/percentable-ricebird-unspurred/index.html&url_03=https://f003.backblazeb2.com/file/alliage-nonirradiated-reheated/index.html&url_04=https://f003.backblazeb2.com/file/amphicarpia-scissurellid-toothlessness/index.html&url_05=https://f004.backblazeb2.com/file/aetosaurian-check-unribboned/index.html&redirect=https://www.amazon.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fzndkv80h5.s3.us-south.objectstorage.softlayer.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sun, 23 Jan 2022 22:48:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 334197
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 23 Jan 2023 22:48:35 GMT

GET
H2 200 redirect-to-url.php
yearsmtp.com/email-list/__vendor/ 75 B
599 B 1262ms
1223ms XHR
text/html 104.21.43.96
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://yearsmtp.com/email-list/__vendor/redirect-to-url.php?key=a1bdc6dd51c39c875960545e2a737707988bd6e1&url_01=https%3A%2F%2Ff003.backblazeb2.com%2Ffile%2Fbeladying-unaffied-unspoilableness%2Findex.html&url_02=https%3A%2F%2Ff003.backblazeb2.com%2Ffile%2Fpercentable-ricebird-unspurred%2Findex.html&url_03=https%3A%2F%2Ff003.backblazeb2.com%2Ffile%2Falliage-nonirradiated-reheated%2Findex.html&url_04=https%3A%2F%2Ff003.backblazeb2.com%2Ffile%2Famphicarpia-scissurellid-toothlessness%2Findex.html&url_05=https%3A%2F%2Ff004.backblazeb2.com%2Ffile%2Faetosaurian-check-unribboned%2Findex.html&redirect=https%3A%2F%2Fwww.amazon.com&fragment=
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.43.96 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Referer: https://fzndkv80h5.s3.us-south.objectstorage.softlayer.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 19:38:34 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g2c6UiKIL2BNBB9KPcdB4hf4yaPBoB8JOaq%2BBhGU64h7DeMCTeVmadcEkJOOfMZfWK4I4W3ZM3rH8e5uS7WU%2BsiD2zu38De5hcTmeee6aJeCh4jxVMNxKSaPIKavFCM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-ray: 6d447123cb4e68fb-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200 Primary Request index.html Show response
f003.backblazeb2.com/file/alliage-nonirradiated-reheated/ 76 KB
76 KB 90ms
30ms Document
text/html 45.11.36.16
BACKBLAZE

General

Check archive.org

Show headers Download Go to

Full URL: https://f003.backblazeb2.com/file/alliage-nonirradiated-reheated/index.html
Requested by: Host: fzndkv80h5.s3.us-south.objectstorage.softlayer.net
URL: https://fzndkv80h5.s3.us-south.objectstorage.softlayer.net/encloses/index.html?key=a1bdc6dd51c39c875960545e2a737707988bd6e1&url_01=https://f003.backblazeb2.com/file/beladying-unaffied-unspoilableness/index.html&url_02=https://f003.backblazeb2.com/file/percentable-ricebird-unspurred/index.html&url_03=https://f003.backblazeb2.com/file/alliage-nonirradiated-reheated/index.html&url_04=https://f003.backblazeb2.com/file/amphicarpia-scissurellid-toothlessness/index.html&url_05=https://f004.backblazeb2.com/file/aetosaurian-check-unribboned/index.html&redirect=https://www.amazon.com
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.11.36.16 , United States, ASN40401 (BACKBLAZE, US),
Reverse DNS: f003.backblazeb2.com
Software: /
Resource Hash: aa9232231dd76ca888fdfd209c61f695ce24b1a3720ba027f04e894c50c155e5

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://fzndkv80h5.s3.us-south.objectstorage.softlayer.net/

Response headers

x-bz-file-name: index.html
x-bz-file-id: 4_z2c39b33e4598957d75ed0515_f1016f6602e7956ff_d20220126_m164829_c003_v0312008_t0016
x-bz-content-sha1: a271332c2ce7acb4355779c5d09aa2a92c06265a
X-Bz-Upload-Timestamp: 1643215709000
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 77834
Date: Thu, 27 Jan 2022 19:38:33 GMT
Keep-Alive: timeout=5
Connection: keep-alive

GET
H2 200 style.css
johansmtp.com/email-list/sharepoint/sp2/css/ 4 KB
2 KB 221ms
34ms Stylesheet
text/css 188.114.97.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://johansmtp.com/email-list/sharepoint/sp2/css/style.css
Requested by: Host: fzndkv80h5.s3.us-south.objectstorage.softlayer.net
URL: https://fzndkv80h5.s3.us-south.objectstorage.softlayer.net/encloses/index.html?key=a1bdc6dd51c39c875960545e2a737707988bd6e1&url_01=https://f003.backblazeb2.com/file/beladying-unaffied-unspoilableness/index.html&url_02=https://f003.backblazeb2.com/file/percentable-ricebird-unspurred/index.html&url_03=https://f003.backblazeb2.com/file/alliage-nonirradiated-reheated/index.html&url_04=https://f003.backblazeb2.com/file/amphicarpia-scissurellid-toothlessness/index.html&url_05=https://f004.backblazeb2.com/file/aetosaurian-check-unribboned/index.html&redirect=https://www.amazon.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.7 Medellín, Colombia, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8b2949941b3516df05a7b72e7bcaf885215a23d02c501aec2f8258431f038d6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f003.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 19:38:34 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17272
cf-polished: origSize=5216
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 05 Jan 2022 12:41:19 GMT
server: cloudflare
etag: W/"61d591ef-1460"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=13D15x0vIdQNuMznqVfsiTYNuFI%2BWS4EAm3UnMReMg3i7NUzV%2F6CvNNZ%2FPVXw4ts7BwBuUFWR8v5VQvMtHcgfRiZgDV63PgVjeZnLHe8q0Or3vXjvW%2B%2Ff%2FLwbYXIojIT"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 6d44712d6db65c02-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.3.1/ 85 KB
30 KB 41ms
39ms Script
text/javascript 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f003.backblazeb2.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Tue, 25 Jan 2022 11:54:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 200620
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30399
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 25 Jan 2023 11:54:54 GMT

GET
H2 200 header-logo.png
johansmtp.com/email-list/sharepoint/sp2/images/ 8 KB
8 KB 216ms
30ms Image
image/png 188.114.97.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://johansmtp.com/email-list/sharepoint/sp2/images/header-logo.png
Requested by: Host: fzndkv80h5.s3.us-south.objectstorage.softlayer.net
URL: https://fzndkv80h5.s3.us-south.objectstorage.softlayer.net/encloses/index.html?key=a1bdc6dd51c39c875960545e2a737707988bd6e1&url_01=https://f003.backblazeb2.com/file/beladying-unaffied-unspoilableness/index.html&url_02=https://f003.backblazeb2.com/file/percentable-ricebird-unspurred/index.html&url_03=https://f003.backblazeb2.com/file/alliage-nonirradiated-reheated/index.html&url_04=https://f003.backblazeb2.com/file/amphicarpia-scissurellid-toothlessness/index.html&url_05=https://f004.backblazeb2.com/file/aetosaurian-check-unribboned/index.html&redirect=https://www.amazon.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.7 Medellín, Colombia, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 433924b4f8a9ea44393a2a7bba64f61b2746a468986e1766710ee5b2792a54fa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f003.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 19:38:34 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17272
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7774
last-modified: Wed, 05 Jan 2022 12:41:25 GMT
server: cloudflare
etag: "61d591f5-1e5e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vmTC9jmFoPY9r8iT3rqfcmVxMCw68UdD58Ue7fMR%2BdfsUAdtwP8BRJKqqrxm8sNC9KGnVcHL26Y%2FebjsOzmDs7KS5JydEeE%2B4qb0mg6D%2FNj3NV1BvPQvvvU0ezw0Bb56"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6d44712d6dcc5c02-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 gmail.jpg
johansmtp.com/email-list/sharepoint/sp2/images/ 14 KB
15 KB 208ms
22ms Image
image/jpeg 188.114.97.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://johansmtp.com/email-list/sharepoint/sp2/images/gmail.jpg
Requested by: Host: fzndkv80h5.s3.us-south.objectstorage.softlayer.net
URL: https://fzndkv80h5.s3.us-south.objectstorage.softlayer.net/encloses/index.html?key=a1bdc6dd51c39c875960545e2a737707988bd6e1&url_01=https://f003.backblazeb2.com/file/beladying-unaffied-unspoilableness/index.html&url_02=https://f003.backblazeb2.com/file/percentable-ricebird-unspurred/index.html&url_03=https://f003.backblazeb2.com/file/alliage-nonirradiated-reheated/index.html&url_04=https://f003.backblazeb2.com/file/amphicarpia-scissurellid-toothlessness/index.html&url_05=https://f004.backblazeb2.com/file/aetosaurian-check-unribboned/index.html&redirect=https://www.amazon.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.7 Medellín, Colombia, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0395c2d974a610a5826088c1752b49945c0b38e841389e794bf7171e2326982c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f003.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 19:38:34 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17272
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14617
last-modified: Wed, 05 Jan 2022 12:41:23 GMT
server: cloudflare
etag: "61d591f3-3919"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pct7N2DqlrO4%2BgR0PSA7kmw3blyS76zUPyvg37nfpHGIrKAMy9LV3%2FjhzSXKa%2FlKRaauOJhEkjmdIKyaHBYXef%2FTJGozjsSztPl4olIauYeUkUQ%2BperFBY9rmQAT31pg"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6d44712d7dd15c02-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 aol.jpg
johansmtp.com/email-list/sharepoint/sp2/images/ 14 KB
14 KB 217ms
32ms Image
image/jpeg 188.114.97.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://johansmtp.com/email-list/sharepoint/sp2/images/aol.jpg
Requested by: Host: fzndkv80h5.s3.us-south.objectstorage.softlayer.net
URL: https://fzndkv80h5.s3.us-south.objectstorage.softlayer.net/encloses/index.html?key=a1bdc6dd51c39c875960545e2a737707988bd6e1&url_01=https://f003.backblazeb2.com/file/beladying-unaffied-unspoilableness/index.html&url_02=https://f003.backblazeb2.com/file/percentable-ricebird-unspurred/index.html&url_03=https://f003.backblazeb2.com/file/alliage-nonirradiated-reheated/index.html&url_04=https://f003.backblazeb2.com/file/amphicarpia-scissurellid-toothlessness/index.html&url_05=https://f004.backblazeb2.com/file/aetosaurian-check-unribboned/index.html&redirect=https://www.amazon.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.7 Medellín, Colombia, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b2bf99365d81089bbb0939d15bd959809492c068555dbead87f91802589ef5a9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f003.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 19:38:34 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17272
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13869
last-modified: Wed, 05 Jan 2022 12:41:20 GMT
server: cloudflare
etag: "61d591f0-362d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wTDhLvkfflPWFU%2BcNSOFSvw03QpM7Ry1XNnk%2Ff9wsjrnvD3upibAK9zGeCPgu%2FjRS98L0dr2yFdP9QoDpzIobMo8Gl8hqCS%2BtDqDz7WD%2F1epids7cd7vtJ2jcX4RrZiI"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6d44712d6dc95c02-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 outlook.jpg
johansmtp.com/email-list/sharepoint/sp2/images/ 15 KB
15 KB 214ms
28ms Image
image/jpeg 188.114.97.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://johansmtp.com/email-list/sharepoint/sp2/images/outlook.jpg
Requested by: Host: fzndkv80h5.s3.us-south.objectstorage.softlayer.net
URL: https://fzndkv80h5.s3.us-south.objectstorage.softlayer.net/encloses/index.html?key=a1bdc6dd51c39c875960545e2a737707988bd6e1&url_01=https://f003.backblazeb2.com/file/beladying-unaffied-unspoilableness/index.html&url_02=https://f003.backblazeb2.com/file/percentable-ricebird-unspurred/index.html&url_03=https://f003.backblazeb2.com/file/alliage-nonirradiated-reheated/index.html&url_04=https://f003.backblazeb2.com/file/amphicarpia-scissurellid-toothlessness/index.html&url_05=https://f004.backblazeb2.com/file/aetosaurian-check-unribboned/index.html&redirect=https://www.amazon.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.7 Medellín, Colombia, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a8911de9c6b54ea92f9322ea7570ee16713718211f4dabc77b820256dc923b4c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f003.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 19:38:34 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17272
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15442
last-modified: Wed, 05 Jan 2022 12:41:21 GMT
server: cloudflare
etag: "61d591f1-3c52"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3FRUGx7uuiNBMKky7lIESofgB3ehTpZ2j1isUlah8EiP2s3ZJ89NVJ2X%2FC3NeQSw2Ow8l8XsljB4i8vKbbSssrosALTcUbrg933wgjM0swUSHgS3x0ET9OyKip9fSzuP"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6d44712d6dc75c02-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 office.jpg
johansmtp.com/email-list/sharepoint/sp2/images/ 14 KB
14 KB 210ms
25ms Image
image/jpeg 188.114.97.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://johansmtp.com/email-list/sharepoint/sp2/images/office.jpg
Requested by: Host: fzndkv80h5.s3.us-south.objectstorage.softlayer.net
URL: https://fzndkv80h5.s3.us-south.objectstorage.softlayer.net/encloses/index.html?key=a1bdc6dd51c39c875960545e2a737707988bd6e1&url_01=https://f003.backblazeb2.com/file/beladying-unaffied-unspoilableness/index.html&url_02=https://f003.backblazeb2.com/file/percentable-ricebird-unspurred/index.html&url_03=https://f003.backblazeb2.com/file/alliage-nonirradiated-reheated/index.html&url_04=https://f003.backblazeb2.com/file/amphicarpia-scissurellid-toothlessness/index.html&url_05=https://f004.backblazeb2.com/file/aetosaurian-check-unribboned/index.html&redirect=https://www.amazon.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.7 Medellín, Colombia, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bedcbef0141493931f41db1b4410c80f62812f1d5a5f98de10fcfe4da57e994d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f003.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 19:38:34 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17272
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14352
last-modified: Wed, 05 Jan 2022 12:41:20 GMT
server: cloudflare
etag: "61d591f0-3810"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cOiUVhH0MF9D9HutxOJFlARlo9gJ30TrSOXNFyhpgI7snZ3yujoqTJe%2BGWJ8Ph2QAS0neHC%2BUm1NWU7WKrbkgi2HZaInnUn1tL6%2FHbxP4q3Ql5%2FR2ZRcnJg691H0PlJU"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6d44712d6dc35c02-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 yahoo.jpg
johansmtp.com/email-list/sharepoint/sp2/images/ 15 KB
15 KB 214ms
31ms Image
image/jpeg 188.114.97.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://johansmtp.com/email-list/sharepoint/sp2/images/yahoo.jpg
Requested by: Host: fzndkv80h5.s3.us-south.objectstorage.softlayer.net
URL: https://fzndkv80h5.s3.us-south.objectstorage.softlayer.net/encloses/index.html?key=a1bdc6dd51c39c875960545e2a737707988bd6e1&url_01=https://f003.backblazeb2.com/file/beladying-unaffied-unspoilableness/index.html&url_02=https://f003.backblazeb2.com/file/percentable-ricebird-unspurred/index.html&url_03=https://f003.backblazeb2.com/file/alliage-nonirradiated-reheated/index.html&url_04=https://f003.backblazeb2.com/file/amphicarpia-scissurellid-toothlessness/index.html&url_05=https://f004.backblazeb2.com/file/aetosaurian-check-unribboned/index.html&redirect=https://www.amazon.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.7 Medellín, Colombia, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9dcb3f39c6f1c7f2b0fa75391efa497c84ade4b3a12867af284fbe224d24c3e9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f003.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 19:38:34 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17272
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14939
last-modified: Wed, 05 Jan 2022 12:41:21 GMT
server: cloudflare
etag: "61d591f1-3a5b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KoDvsuy1VpyFkEQlRpQZIwUIF1NnhVepwqsv8wYK1sClSOJccsYqF1Q6sdr4BQMHHMEgAQ2YsTxIRJh2ltsCgjIfWU0oP3YrCz%2BPL%2FGQe6Wt8WsBDvmXcdIU%2FKIXkMTh"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6d44712d6dc45c02-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 other.jpg
johansmtp.com/email-list/sharepoint/sp2/images/ 14 KB
14 KB 210ms
27ms Image
image/jpeg 188.114.97.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://johansmtp.com/email-list/sharepoint/sp2/images/other.jpg
Requested by: Host: fzndkv80h5.s3.us-south.objectstorage.softlayer.net
URL: https://fzndkv80h5.s3.us-south.objectstorage.softlayer.net/encloses/index.html?key=a1bdc6dd51c39c875960545e2a737707988bd6e1&url_01=https://f003.backblazeb2.com/file/beladying-unaffied-unspoilableness/index.html&url_02=https://f003.backblazeb2.com/file/percentable-ricebird-unspurred/index.html&url_03=https://f003.backblazeb2.com/file/alliage-nonirradiated-reheated/index.html&url_04=https://f003.backblazeb2.com/file/amphicarpia-scissurellid-toothlessness/index.html&url_05=https://f004.backblazeb2.com/file/aetosaurian-check-unribboned/index.html&redirect=https://www.amazon.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.7 Medellín, Colombia, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7976b777c1a1d694739e57292d1629d371aa79be6d7a2a87bcb0d0b9edad79f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f003.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 19:38:34 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17272
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14360
last-modified: Wed, 05 Jan 2022 12:41:22 GMT
server: cloudflare
etag: "61d591f2-3818"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rxZ0TfamUeTYAibj70XZiY2xPjr%2BRePC6rDnt03vSUGC%2BAiXdNtqY68oiaZUN2LoSzaxAf0ooO%2BYTR4cIokK%2FluSF%2BhLpCxILublG4kRC8%2BK%2FO%2FfdJD%2Bwe5cJuFb7cSp"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6d44712d6dc05c02-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 other-email-bg.jpg
johansmtp.com/email-list/sharepoint/sp2/images/ 73 KB
74 KB 330ms
146ms Image
image/jpeg 188.114.97.7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://johansmtp.com/email-list/sharepoint/sp2/images/other-email-bg.jpg
Requested by: Host: f003.backblazeb2.com
URL: https://f003.backblazeb2.com/file/alliage-nonirradiated-reheated/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.7 Medellín, Colombia, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f8a773c568a4b8181d3796b724647bd0430198457699649a2d9a7425f88e57e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f003.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 19:38:34 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 74930
last-modified: Wed, 05 Jan 2022 12:41:25 GMT
server: cloudflare
etag: "61d591f5-124b2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C8hXDG%2BpTDtiOy8%2B0WNByWqhCOdjxW2BOGwhoktA4hL%2BXM5mdFdwEVGhDZrQprX4Dyse8whxF23ju%2F3pnsc23BdUh8A6MFJ0dDxqJ5sZ7%2BfJxoaQd1Jkq9C8rRGO6RA8"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6d44712d6dbd5c02-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 13 KB
1 KB 172ms
64ms Stylesheet
text/css 2a00:1450:401b:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800

Requested by

Host: johansmtp.com
URL: https://johansmtp.com/email-list/sharepoint/sp2/css/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:401b:801::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3108303dc4c635fdd0ab7d1cf121cf92084bf7eccabf08416f7f5a959f255b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://johansmtp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 27 Jan 2022 18:17:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 27 Jan 2022 19:38:34 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 27 Jan 2022 19:38:34 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v27/ 44 KB
44 KB 114ms
35ms Font
font/woff2 2a00:1450:400f:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400f:803::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://f003.backblazeb2.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 22 Jan 2022 01:25:20 GMT
x-content-type-options: nosniff
age: 497594
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44656
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:30:43 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sun, 22 Jan 2023 01:25:20 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
atanasbb.video
f003.backblazeb2.com
fonts.googleapis.com
fonts.gstatic.com
fzndkv80h5.s3.us-south.objectstorage.softlayer.net
johansmtp.com
yearsmtp.com
104.21.43.96
169.46.118.100
173.231.200.163
188.114.97.7
2a00:1450:4001:827::200a
2a00:1450:400f:803::2003
2a00:1450:401b:801::200a
45.11.36.16
0395c2d974a610a5826088c1752b49945c0b38e841389e794bf7171e2326982c
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
433924b4f8a9ea44393a2a7bba64f61b2746a468986e1766710ee5b2792a54fa
5f8a773c568a4b8181d3796b724647bd0430198457699649a2d9a7425f88e57e
7976b777c1a1d694739e57292d1629d371aa79be6d7a2a87bcb0d0b9edad79f2
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
9dcb3f39c6f1c7f2b0fa75391efa497c84ade4b3a12867af284fbe224d24c3e9
a8911de9c6b54ea92f9322ea7570ee16713718211f4dabc77b820256dc923b4c
aa9232231dd76ca888fdfd209c61f695ce24b1a3720ba027f04e894c50c155e5
b2bf99365d81089bbb0939d15bd959809492c068555dbead87f91802589ef5a9
bedcbef0141493931f41db1b4410c80f62812f1d5a5f98de10fcfe4da57e994d
cdc3bdd3cdb5da6fd123d6ef62f9b6b75b11d637765a03dc9c21667f664bdd08
d8b2949941b3516df05a7b72e7bcaf885215a23d02c501aec2f8258431f038d6
e3108303dc4c635fdd0ab7d1cf121cf92084bf7eccabf08416f7f5a959f255b4
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

f003.backblazeb2.com Open in urlscan Pro 45.11.36.16 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

38 %IPv6

7 Domains

8 Subdomains

7 IPs

5 Countries

429 kBTransfer

549 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

0 Cookies

4 Console Messages

Indicators

f003.backblazeb2.com Open in urlscan Pro
45.11.36.16 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

38 %
IPv6

7
Domains

8
Subdomains

7
IPs

5
Countries

429 kB
Transfer

549 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!